Use of active topology protocols, including the spanning tree, for resilient redundant connection of an edge device

ABSTRACT

A method for configuring a network, and a network configured according to such method, provide resilient, redundant connection to an edge device. The system, while not allowing the edge device to participate in the active topology of the network, chooses the active link from the edge device to the network on the basis of the spanning tree information received by the device, but does not allow it to forward or generate spanning tree information. The method manages the redundant connections of an edge device between a first network and a second network, where the second network is managed according to a spanning tree protocol in which spanning tree configuration messages propagate among switches in the second network. The redundant connections are made via a plurality of ports on the edge device coupled to the second network. The edge device monitors spanning tree configuration messages on at least one port of the plurality of ports on the edge device coupled to the second network; selects a port in the plurality of ports on the edge device coupled to the second network as an active port for traffic between the second network and the edge device, in response to the spanning tree configuration messages; and prevents traffic ingressing at any port coupled to the second network from egressing at any port coupled to the second network. The selected active port is the port having a least cost path to a root of the second network according to the spanning tree protocol.

PROVISIONAL APPLICATION DATA

[0001] The present application claims the benefit under 35 U.S.C. §111(b) and 35 U.S.C. §119(e) of the provisional application no. 60/186,470, filed Mar. 2, 2000, entitled BROADBAND SERVICE NETWORK AND E-COMMERCE PROVISIONING SYSTEM, naming inventors Michael Seaman, Vipin Jain, Gary Jaszewski, Bob Klessig, Peter Van Peenen, and David Braginsky.

CONTINUING APPLICATION DATA

[0002] The present application is a continuation-in-part of co-pending U.S. patent application No. 09/634,566, filed: Aug. 9, 2000, entitled E-COMMERCE SYSTEM FACILITATING SERVICE NETWORKS INCLUDING BROADBAND COMMUNICATION SERVICE NETWORKS, which is incorporated by reference as if fully set forth herein.

BACKGROUND OF THE INVENTION

[0003] 1. Field of the Invention

[0004] The present invention relates to configuration of edge devices for networks, including broadband communication networks, and more particularly to configuration of networks managed according to an active topology protocol, including the spanning tree protocol.

[0005] 2. Description of Related Art

[0006] In an enterprise data network, devices are often connected into switched networks configured by an active topology protocol, such as the Spanning Tree Protocol of IEEE 802.1D. In high data rate networks using active topology protocols, connections between packet switches are sometimes made by point to point links, using for example fiber optic cable, in a ‘redundant, dual-homed, tree like’ topology to facilitate rapid reconfiguration with the minimum loss of service. The revised spanning tree protocol under standardization in IEEE 802.1w is a suitable protocol for establishing the failover rules in the network. The recently completed link aggregation standard, IEEE Std. 802.3ad, is another—providing for resiliency of parallel links. These technologies, in high bandwidth configurations, are being applied in the metropolitan area network environment as well.

[0007] The IEEE 802.1 spanning tree provides for redundant connections within a network, where data transmitted from one attachment to the network to another is constrained to follow a loop free path. It reduces the physical topology of the network to an active topology that is both loop free (‘tree’) and fully connected (‘spanning’).

[0008] Redundant connection of the edge devices to the active topology network creates a possibility of a loop forming through the edge device to maintain the spanning tree. Thus in the prior art, edge devices coupled to the spanning tree network have not participated in the tree, so that they do not become transit nodes for traffic of the network. In the past, the selection of one link or another for connection to the interior of a network has been performed by a simple physical layer redundancy scheme that interrogates the health of the links from an edge switch to the network. One link is configured as a primary, or active, link and the secondary link is activated only if the primary fails a simple connectivity test to the remainder of the network, e.g. loss of the transmitted light signal. However, this fails to select the best route for the connection to the root of the tree in an active topology, like that provided by the spanning tree.

[0009] It is desirable therefore to provide a technique for selecting an active port for connection of an edge device to a spanning tree network or other active topology network, which is easy to configure, scalable and efficient.

SUMMARY

[0010] This invention comprises a method for configuring a network, and a network configured according to such method, providing resilient, redundant connection to an edge device. The system improves on the prior art arrangements, while not allowing the edge device to participate in the active topology of the network managed for example according to a spanning tree protocol, by choosing the active link from the edge device to the network on the basis of the active topology information received by the device, but not allowing it to forward or generate active topology information. This arrangement protects against a failure in the network that causes the switch connected to by the edge device to be separated from the main body of the network, by allowing the edge device to use the active topology information propagated in the network to select a link to the network based upon changes that occur remote from the switch to which it has immediate connection.

[0011] According to one embodiment of the invention, the method manages the redundant connections of an edge device between a first network and a second network, where the second network is managed according to a spanning tree protocol in which spanning tree configuration messages propagate among switches in the second network. The redundant connections are made via a plurality of ports on the edge device coupled to the second network. The method comprises

[0012] monitoring spanning tree configuration messages on at least one port of the plurality of ports on the edge device coupled to the second network;

[0013] selecting a port in the plurality of ports on the edge device coupled to the second network as an active port for traffic between the second network and the edge device, in response to the spanning tree configuration messages; and

[0014] preventing traffic ingressing at any port coupled to the second network from egressing at any port coupled to the second network.

[0015] The active port is selected in a preferred embodiment by selecting a port having a least cost path to a root of the second network according to the spanning tree protocol. The edge device does not propagate, nor generate spanning tree configuration messages.

[0016] According to one aspect of the invention, a communication system is provided using technology that has been developed within the communications, enterprise data networking, electronic commerce, and carrier service provider industries. The system is configured to provide service in new ways, supporting secure point-to-multipoint channels, and other connectivity options in a manner particularly complementary to a provisioning process and system described in the above referenced application entitled E-COMMERCE SYSTEM FACILITATING SERVICE NETWORKS INCLUDING BROADBAND COMMUNICATION SERVICE NETWORKS.

[0017] The network architecture in a preferred embodiment organizes switches into demarcation devices, access switches and interior switches.

[0018] Demarcation devices (also referred to herein as service interface units) are edge devices typically, but not necessarily, located on a single customer's premises. Each demarcation device supports one or more of service interfaces, identifiable by unique addresses such as Ethernet MAC addresses, by which a customer network is connected to the active topology network, and one or more ‘drops’ that connect to access ports on access switches.

[0019] Access switches are located on premises physically secured, linked by a communication media of choice, including for example fiber optic cable, to a collocation site in the metropolitan area network. In addition to access ports coupled to the demarcation devices, the access switches have interior network ports that connect to interior switches at the collocation sites within the network.

[0020] Interior switches form the heart of the network, typically in collocation sites of the metropolitan area network, having ports coupled to the interior ports of the access switches.

[0021] The identity of the connected device on a service interface is ascertained by observing packets transmitted by the device at the service interface of the demarcation device. Each packet contains a source address, such as a source MAC address. The MAC address is captured by the service interface and a notification sent to the system managing the network using normal network management protocols. The management system assures itself that the MAC address is unique. Filters are configured on access ports of the access switches to ensure that only packets with source addresses checked in this way are accepted from the attached demarcation device. Similarly only packets from source addresses that are permitted to transmit to the demarcation device are allowed to egress from the access port to the demarcation device.
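As an added illustration of the address checking described above (example code, not part of the application), the following Python models a service interface reporting a captured source MAC to the management system, the uniqueness check, and the ingress and egress filters the management system then configures on the access port. The class names, method names and MAC values are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str


@dataclass
class AccessPortFilter:
    """Filter state on one access port, facing one demarcation device."""
    accepted_sources: Set[str] = field(default_factory=set)   # verified MACs behind this port
    permitted_senders: Set[str] = field(default_factory=set)  # remote MACs allowed to reach it


class AccessSwitch:
    """Holds per-access-port filters; interior switches carry no such state."""

    def __init__(self) -> None:
        self.ports: Dict[str, AccessPortFilter] = {}

    def port_filter(self, port: str) -> AccessPortFilter:
        return self.ports.setdefault(port, AccessPortFilter())

    def ingress_ok(self, port: str, frame: Frame) -> bool:
        """Accept from the demarcation device only sources the management system checked."""
        return frame.src_mac in self.port_filter(port).accepted_sources

    def egress_ok(self, port: str, frame: Frame) -> bool:
        """Deliver toward the demarcation device only from sources provisioned to talk to it."""
        return frame.src_mac in self.port_filter(port).permitted_senders


class ManagementSystem:
    """Receives learned-address notifications, assures uniqueness, configures the filters."""

    def __init__(self) -> None:
        # MAC -> (access switch, access port) it is bound to
        self.bindings: Dict[str, Tuple[AccessSwitch, str]] = {}

    def service_interface_learned(self, mac: str, switch: AccessSwitch, port: str) -> bool:
        """Called when a service interface captures a new source MAC; False means rejected."""
        owner = self.bindings.get(mac)
        if owner is not None and owner != (switch, port):
            return False   # same address already bound elsewhere: not unique, filter stays closed
        self.bindings[mac] = (switch, port)
        switch.port_filter(port).accepted_sources.add(mac)
        return True

    def provision_connection(self, mac_a: str, mac_b: str) -> bool:
        """Point-to-point virtual connection: open each side's egress filter to the other."""
        if mac_a not in self.bindings or mac_b not in self.bindings:
            return False
        for sender, receiver in ((mac_a, mac_b), (mac_b, mac_a)):
            switch, port = self.bindings[receiver]
            switch.port_filter(port).permitted_senders.add(sender)
        return True
```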

[0022] Interior switches do not filter or otherwise constrain connections on the basis of the identities of devices attached to either the transmitting or receiving service interfaces. This allows the active topology maintained by interior switches to scale independently of the number of active connections through the network, and to reconfigure rapidly since information concerning individual connections does not have to be communicated or changed during reconfiguration.

[0023] Modification of the spanning tree for resilient redundant connection of an edge device, such as a packet switch positioned as a demarcation device, to a network is provided according to the present invention. In the network, demarcation devices can provide for redundant connections to the rest of the network. Selection of one link in preference to another can be achieved by use of the spanning tree or another active topology protocol. However, only traffic that is transmitted by or destined for a given customer is allowed to reach that customer's demarcation device. It is not desirable that a demarcation device act as a transit link in the network, that would be used to ensure full connectivity from one part of the network to another, either during a reconfiguration of the network or while the active topology is stable. Rather the network should partition if there is no connectivity other than through a demarcation device between the two halves.

[0024] A range of options is offered to customers to control changes to the source MAC address used on the service interfaces of demarcation devices including automatic configuration, latching of a learnt address, explicit manual configuration, and identification of attempts at intrusion into the network.

[0025] The system is capable of extension to allow additional security protocols to establish the identity of the connecting system. Once that identity has been established, the MAC address of the transmitting system is used, as described above, to secure connections.

[0026] Disconnection and reconnection of the device can be detected, even if the same MAC address is used throughout. This protects against attempts to masquerade once a device identity has been established.

[0027] A foundation of industry standard products and practices in the following areas is used to construct the novel networks, including for one example:

[0028] Fiber optic transmission technology using WDM (wave division multiplexing) to carry additional bandwidth through the use of many ‘colors’ of light on a single fiber, controlled and

[0029] Gigabit (or higher) Ethernet packet switching technology to accept and deliver IP data from and to customers, providing a highly reliable service.

[0030] Electronic commerce technology to allow customers and their authorized agents to order, configure, and manage the communications services delivered and to enter into business agreements with other suppliers of services using the system's communication services.

[0031] In each of these areas a number of novel practices and inventions support and advance the communications network and services.

[0032] Configuration of links and link segments to facilitate rapid reconfiguration of interconnected packet switches is provided in support of the commercial provisioning system.

[0033] A set of rules and heuristics is provided for the use and configuration of fiber optic transmission facilities, purchased or leased in ring configurations, as a set of links comprising selected concatenated segments from a set of rings. The resulting configurations have benefits in networks including:

[0034] 1) They allow the use of high bandwidth low cost enterprise data packet switching equipment in the collocation facilities, while providing high network availability through the use of rapid reconfiguration with redundant links and switches.

[0035] 2) They allow the use of general mesh topologies to support redundancy, rather than restriction to rings or rings with extraordinary interconnection arrangements.

[0036] In addition to realizing these topologies by concatenating physical segments from rings, equipment is provided so that a link can comprise logical segments, each consisting for example of a wavelength of light transmitted and received by WDM (wavelength division multiplexing) equipment attached to the physical fiber segment running between two locations on a ring. Electronic switching of the transmitted information stream at each ring node from one wavelength on a segment to another wavelength on the next, or to an attached device, allows for electronic rearrangement of the set of links connected to each packet switch in the network.

[0037] Spatial reuse in a packet based data network with a ring topology is accomplished in the preferred network configuration. The network architecture uses packet switches with rapid reconfiguration protocols and VLAN technology to constrain packets that might otherwise be broadcast or flooded to the necessary paths between access ports in the network. Thus a combination of existing standard technologies serves to support the same robust efficient communications goals sought by new non-standard equipment.

[0038] Security arrangements for a packet switched data transmission network using LAN switches are provided. The network makes use of packet data switching equipment that is typically used in private data networks. While such equipment has facilities that can be used to construct ad-hoc security arrangements, a systematic approach to security is provided by the present invention.

[0039] The network ensures that no data is ever delivered to a service interface other than the service interface(s) explicitly authorized by the customer whose network attached equipment transmits the data, and that no data is received on a service interface other than data from the service interface(s) explicitly authorized by the customer whose network attached equipment is receiving the data.

[0040] The mechanisms that the system uses to ensure such secure delivery include:

[0041] (a) The organization of switches within the network architecture and the placement of security functions within that architecture.

[0042] (b) Assuring a unique identity for each device connected to a service interface anywhere within the network.

[0043] (c) Checking that identity at points identified within the network (see (a) above).

[0044] (d) Ensuring that the identity of each of the customers/parties controlling the assignment of service interfaces and the connections between them is securely known.

[0045] (e) Providing for the known delegation of control within the constraints imposed by (d) above.

Other aspects and advantages of the present invention can be seen on review of the figures, the detailed description and the claims, which follow.

BRIEF DESCRIPTION OF THE FIGURES

[0046] FIG. 1 is a diagram of a commercial communication service with an Internet based provisioning server according to the present invention.

[0047] FIG. 2 is a block diagram of a network managed according to an active topology protocol, and including edge devices with resilient, redundant connections to the network, according to the present invention.

[0048] FIG. 3 is a diagram illustrating an edge device architecture according to the present invention.

[0049] FIG. 4 shows a network configured according to a spanning tree protocol, with edge devices according to the present invention.

[0050] FIG. 5 illustrates a redundant switch access service with parallel drops.

[0051] FIG. 6 illustrates a parallel single tenant access service with two drops coupled to a single access switch.

[0052] FIG. 7 illustrates a fully redundant single tenant access service according to one aspect of the invention.

[0053] FIG. 8 illustrates a collocation facility access arrangement for connection to the secure MAN of the present invention.

[0054] FIG. 9 illustrates another example collocation facility access arrangement.

[0055] FIG. 10 illustrates a fiber MAN network physically laid out as a ring, and partitioned as segments of the secure MAN of the present invention.

DETAILED DESCRIPTION

[0056] FIG. 1 illustrates a communications service example, based on provisioning links among a variety of customers within a secure metropolitan area network MAN. In FIG. 1, a secure MAN based upon a layer two packet switched protocol, preferably Ethernet, and in which the switches are managed by an active topology protocol such as the spanning tree protocol, is represented by cloud 60. A number of customers, including Internet service provider 61, outsourcing vendor 62, “enterprise 1” with a North campus 63, a West campus 24, and a South campus 25, and “enterprise 2” 66 and enterprise 3 67, are coupled to the secure MAN 60 by appropriate physical and logical interfaces. A provisioning server 71 is coupled to the secure MAN 60, either using the secure MAN medium or by other communication channels to the switches and other resources in the secure MAN, and facilitates transactions among the customers of the secure MAN 60 for establishing communication channels, such as the virtual connections discussed above, and provisioning of services agreed to by the customers with the resources of the secure MAN 60. In one embodiment, configuring and allocating of services within the secure MAN 60 to support the links among the customers is managed by the provisioning server using a management protocol such as Telnet or SNMP, under which filters and other control data structures in the switches are configured. In this manner, the provisioning server is available via the Internet to customers and potential customers of the secure MAN 60, using standard technology.

[0057] Virtual connection services allow rich connectivity among all customer locations on the secure MAN network. Examples include:

[0058] A mesh connected, multipoint-to-multipoint virtual connection service 35 dedicated to a single enterprise for connecting campuses together.

[0059] A point-to-multipoint virtual connection service 76 connecting an Internet Service Provider to customers.

[0060] A point-to-point virtual connection service 77 connecting an enterprise location to an outsourcing vendor.

[0061] A point-to-point virtual connection service 78 connecting two enterprises.

[0062] A single customer can have simultaneous intra-enterprise and extra-enterprise communications using the secure MAN, provisioned according to the present invention.

[0063] Edge devices (not shown) between the customer networks or devices, and the secure MAN support security processes for the MAN, and include redundant connections to switches in the network in a preferred configuration for improved reliability and efficiency.

[0064] A detailed description of one example of the secure MAN provisioning embodiment is provided in the above referenced application entitled, E-COMMERCE SYSTEM FACILITATING SERVICE NETWORKS INCLUDING BROADBAND COMMUNICATION SERVICE NETWORKS, which is incorporated by reference as if fully set forth herein.

[0065] FIG. 2 is a block diagram of a network configured according to the present invention to support point-to-multipoint virtual connections, among a plurality of customers of a public metropolitan area network. The customers have local networks 100, 101, 102, and 103. Each of the customers includes customer equipment, such as a router (not shown), having unique MAC addresses, connected by a link to a port on a service interface unit. Thus, the customer 100 is connected by links 100-1 and 100-2 to the service interface unit 105. The customer 100 is connected by links 100-3 and 100-4 to the service interface unit 106. The customer 101 is connected by link 101-1 to the service interface unit 107. The customer 102 is connected by the links 102-1 and 102-2 to service interface unit 108. Customer 103 is connected by link 103-1 to service interface unit 109. The service interface units comprise switches at customer premises in which demarcation points for access to the metropolitan area network are established. Each of the links 100-1 through 100-4, 101-1, 102-1, 102-2, and 103-1 is connected at the customer side to ports on customer devices having unique MAC addresses. Thus the demarcation points for the network can be considered ports on the service interface unit characterized by the unique MAC addresses of the attached customer equipment.

[0066] The service interface units 105-109 are connected by point-to-point links to access switches 110, 111, 112 in the network. Thus, service interface unit 105 is coupled by links 105-1 and 105-2 to the access switch 110. Service interface unit 105 is coupled by the link 105-3 to the access switch 111. Service interface unit 106 is coupled by the link 106-1 to the access switch 110, and by link 106-2 to the access switch 111. Service interface unit 107 is coupled by the link 107-1 to the access switch 111, and by the link 107-2 to the access switch 112. Service interface unit 108 is coupled by the link 108-1 to the access switch 111, and by the link 108-2 to the access switch 112. Service interface unit 109 is coupled by the link 109-1 and by the link 109-2 to the access switch 112. The service interface units 105-109 are managed so that only one of the links between the service interface units and an access switch in the network is active at any time. A modified spanning tree protocol is utilized to select the active link as described below.

[0067] The access switches 110-112 are coupled to interior switches of the metropolitan area network 115.

[0068] According to the preferred embodiment of the present invention, the security arrangements for the virtual channels are deployed in the access switches 110-112 via source address filtering based upon the unique MAC addresses of the demarcation points at service interface units in the network.

[0069] The following excerpt from the IEEE Draft P802.1w/D9, from pages 37-38, provides background concerning operation of one standard spanning tree protocol, known as the Rapid Spanning Tree Algorithm, used for managing an active topology of the network including the access switches and interior switches.

[0070] The Rapid Spanning Tree Algorithm assigns one of the following Port Roles to each Bridge Port: Root Port, Designated Port, Alternate Port, or Backup Port. A fifth role, Disabled Port, identifies a Port as having no role within the operation of Spanning Tree. Port Role assignments for ports throughout the Bridged Local Area Network are determined by: a) A unique Bridge Identifier associated with each Bridge, b) A Path Cost associated with each Bridge Port, c) A Port Identifier associated with each Bridge Port, as follows.

[0071] The Bridge with the best Bridge Identifier is selected as the Root Bridge. The unique Bridge Identifier for each Bridge is derived, in part, from the Bridge Address (7.12.5) and, in part, from a manageable priority component (9.2.5). The relative priority of Bridges is determined by the numerical comparison of the unique identifiers, with the lower numerical value indicating the better identifier. Every Bridge has a Root Path Cost associated with it. For the Root Bridge this is zero. For all other Bridges it is the sum of the Path Costs for each Bridge Port receiving frames on the least cost path from the Root Bridge to that Bridge. The Path Cost associated with each Port may be manageable. Additionally, 17.28.2 recommends default values for the Path Costs associated with Ports attached to LANs of specific MAC types and speeds.

[0072] The Bridge Port on each Bridge receiving the frames on the least cost path from the Root Bridge is assigned the role of Root Port for that Bridge (the Root Bridge does not have a Root Port). If a Bridge has two or more ports with the same least Path Cost sum from the Root, then the port with the best Port Identifier is selected as the Root Port. Part of the Port Identifier is fixed and is different for each Port on a Bridge, and part is a manageable priority component (9.2.7). The relative priority of Ports is determined by the numerical comparison of the unique identifiers, with the lower numerical value indicating the better identifier.

[0073] Each LAN in the Bridged Local Area Network also has an associated Root Path Cost. This is the Root Path Cost of the lowest cost Bridge with a Bridge Port connected to that LAN. This Bridge is selected as the Designated Bridge for that LAN. If there are two or more Bridges with the same Root Path Cost, then the Bridge with the best priority (least numerical value) is selected as the Designated Bridge. The Bridge Port on the Designated Bridge that is connected to the LAN is assigned the role of Designated Port for that LAN. If the Designated Bridge has two or more ports connected to the LAN, then the Bridge Port with the best priority Port Identifier (least numerical value) is selected as the Designated Port. In a Bridged Local Area Network whose physical topology is stable, i.e. the Rapid Spanning Tree Algorithm has communicated consistent information throughout the network, every LAN has one and only one assigned Designated Port, and every Bridge with the exception of the Root Bridge has a Root Port connected to a LAN.

[0074] Any operational Bridge Port that is not assigned a Port Role of Root Port or Designated Port is a Backup Port if that Bridge is the Designated Bridge for the attached LAN, and an Alternate Port otherwise. An Alternate Port offers an alternate path in the direction of the Root Bridge to that provided by the Bridge's own Root Port, whereas a Backup Port acts as a backup for the path provided by a Designated Port in the direction of the leaves of the Spanning Tree. Backup Ports exist only where there are two or more connections from a given Bridge to a given LAN; hence, they (and the Designated Ports that they back up) can only exist where two ports are connected together in loopback by a point to point link, or where the Bridge has two or more connections to a shared media LAN segment.

[0075] NOTE—The distinction between the Alternate and Backup Port Roles does not appear in the Spanning Tree Algorithm and Protocol described in Clause 8. This distinction is introduced in RSTP in order to make it possible to describe the possibility of rapidly transitioning an Alternate Port to Forwarding on failure of the Root Port.

[0076] (IEEE Draft P802.1w/D9, “Supplement to ISO/IEC 15802-3 (IEEE Std 802.1D), Information technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Common specifications—Part 3: Media Access Control (MAC) Bridges: Rapid Reconfiguration,” Sponsor: LAN MAN Standards Committee of the IEEE Computer Society, Jan. 12, 2001, pages 37-38. Numerical references in parentheses in the quote are to sections of P802.1w/D9.)

[0077] IEEE Draft P802.1w/D9 and IEEE Std 802.1D are incorporated by reference as if fully set forth herein, providing examples of spanning tree protocols, and of 802.1 standard spanning tree protocols.

[0078] According to the present invention, the spanning tree protocol (or another active topology protocol) is used on edge devices, which act as an interface between customer equipment and a network executing the active topology protocol, to select an active connection to the network. In this example, the spanning tree protocol is run to select a Root Port, and to use the selected port as the active connection to the network. However, no packets ingressing at a port coupled to the spanning tree network are allowed to egress at any port coupled to the spanning tree network. Ports coupled to the spanning tree network that are not selected as the active port are placed in blocking state, and provide a backup connection to the spanning tree network. No traffic is allowed to traverse the edge device, except that destined to the customer equipment, or originating in the customer equipment. The edge device and the customer equipment are therefore protected from becoming a link between portions of the spanning tree network, while taking advantage of the intelligence of the spanning tree protocol to make efficient choices of active links to the network. If the spanning tree costs of the ports change, then the ports coupled to the spanning tree network in the blocking state may be selected as the active port.

[0079] FIG. 3 illustrates a basic configuration of a network using the modified spanning tree protocol of the present invention. A Metropolitan Area Network 120 includes interior switches 121 and 122, operating a layer two protocol, such as Gigabit Ethernet, with switches configured using the spanning tree protocol. Access switches 123 and 124 are coupled to the interior switches 121 and 122 by a redundant, route diverse collection of links 125, 126, 127 and 128. The access switches include resources for source address filtering to provide for provisioning of secure communication channels among customers of the network, as described in the above cross-referenced application. Service interface unit 129 is coupled to the access switches by links 131 and 132. Other service interface units may also be coupled to the access switches 123 and 124.

[0080] The access switches and the interior switches participate in the spanning tree, and propagate spanning tree configuration messages, known as BPDUs, to support the dynamic configuration of the switches in the spanning tree network. Thus, the best route to the root of the network can change in response to events remote from the service interface unit 129. The service interface unit 129 selects an active link based upon the spanning tree information received from the access switches 123 and 124. Thus, service interface unit 129 selects either link 131 or link 132 as an active link in response to the spanning tree configuration messages received at one or both of the network interfaces coupled to the links 131 and 132. The service interface unit is configured to prevent any packet ingressing on the links 131 and 132 from egressing on the links 131 and 132. In one embodiment, packets ingressing at a port on the edge device are associated with a port number. The edge device is configured so that the ingress port number is used as a filter to prevent egress of packets on other ports coupled to the spanning tree network. Thus, no transit path can be established between the links 131 and 132. In this manner, traffic from access switch 124, will not follow the route 136 on link 132 to service interface unit 129, and on link 131 to access switch 123 in its route to the root of the tree, even if this route 136 would otherwise be the least cost route according to the spanning tree.

[0081]FIG. 4 shows one example network topology with spanning tree configuration information, according to a preferred embodiment in which the interior switches comprise high-speed Ethernet switches in collocation sites in a metropolitan area network. The network includes a plurality of fiber segments extending between collocation sites. The fiber segments are arranged for configuration as a ring, but partitioned and managed according to a spanning tree protocol. The switches P5 and P6 correspond to the interior switches 121 and 122 of FIG. 3.

[0082] In FIG. 4, the filled circle, unfilled circle, and parallel line markings correspond to the designated port, root port, and alternate port in the blocking state, respectively, according to the spanning tree protocol. In this example, the switch P1 is the root of the tree. The switch P1 has five designated ports. One designated port is coupled to an alternate port on switch P3 via an internal link. Another designated port on switch P1 is coupled to a root port on switch P2 via a link 2-1. Another designated port on switch P1 is coupled to a root port on switch P5 via link 5-1. A fourth designated port on switch P1 is coupled to a root port on switch P4 via a link 1-4. A fifth designated port on switch P1 is coupled to a root port on P2 via a link 1-2. A designated port on switch P6 is coupled via a link 6-3 to a root port on switch P3. A designated port on switch P5 is coupled to an alternate port on switch P6 via an internal link. A designated port on switch P2 is coupled to a root port on switch P6 via link 2-6. A designated port on switch P2 is coupled via an internal link to an alternate port on switch P4.

[0083] The access switches 123 and 124, and the service interface unit 129 have the same reference numerals as used in FIG. 3. Switch P5 has designated ports coupled via links 125 and 128 to root ports on access switches 123 and 124 respectively. Switch P6 has designated ports coupled via links 126 and 127 to ports in a blocking state on access switches 123 and 124, respectively, acting as backup links. The spanning tree configuration information is propagated to the service interface unit 129, which elects the network interface coupled to link 131 as the active link, and the network interface coupled to link 132 as the backup link. This would change if, for example, link 125 were broken, so that the port coupled to link 126 became the root port on access switch 123. The best route to the root for the service interface unit 129 would then change from link 131 to link 132, because the route through access switch 124 and interior switch P5 to the root P1 is a lower cost path than the route through access switch 123 on link 126, interior switch P6, and interior switch P2 to the root P1.
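The selection and filtering behaviour described in [0080] and the failover of [0083] can be made concrete in code. The following is an added example written for this page, not code from the patent or from any product it describes. It decodes IEEE 802.1D-1998 configuration BPDUs, keeps the best one per network port using the standard 802.1D ordering (root identifier, root path cost, sender bridge identifier, sender port identifier), never relays or originates a BPDU, and applies the ingress-port egress filter so that no frame can pass from one network-facing port to another. The bridge identifiers, the per-link path cost of 4 (the 802.1D-1998 value for a Gigabit link), and the port names "link131", "link132" and "svc" are constructed assumptions; the root path costs fed in replay FIG. 4 under those assumptions.

```python
"""Edge-device active-link selection driven by received 802.1D configuration BPDUs.
Added example with constructed bridge IDs, link costs and port names."""
import struct
from dataclasses import dataclass, replace

# 802.1D-1998 Configuration BPDU: protocol id (2), version (1), type (1), flags (1),
# root id (8), root path cost (4), bridge id (8), port id (2), message age (2),
# max age (2), hello time (2), forward delay (2). Timers are in 1/256 s units.
_BPDU_FMT = "!HBBB8sI8sHHHHH"
_BPDU_LEN = struct.calcsize(_BPDU_FMT)  # 35 bytes
_TICK = 256  # one second of BPDU timer


@dataclass(frozen=True)
class ConfigBpdu:
    root_id: bytes
    root_path_cost: int
    bridge_id: bytes
    port_id: int
    message_age: int
    max_age: int


def bridge_id(priority: int, mac: str) -> bytes:
    """8-byte bridge identifier: 2-byte priority followed by the 6-byte MAC address."""
    return struct.pack("!H6s", priority, bytes.fromhex(mac.replace(":", "")))


def build_config_bpdu(root: bytes, root_path_cost: int, sender: bytes, port_id: int,
                      message_age: int = 0, max_age: int = 20 * _TICK) -> bytes:
    """Encode a configuration BPDU as a switch's designated port would transmit it."""
    return struct.pack(_BPDU_FMT, 0x0000, 0x00, 0x00, 0x00, root, root_path_cost,
                       sender, port_id, message_age, max_age, 2 * _TICK, 15 * _TICK)


def parse_config_bpdu(payload: bytes) -> ConfigBpdu:
    """Decode a configuration BPDU; anything that is not protocol 0 / type 0 is rejected."""
    if len(payload) < _BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, _ver, btype, _flags, root, rpc, sender, port_id,
     msg_age, max_age, _hello, _fwd) = struct.unpack(_BPDU_FMT, payload[:_BPDU_LEN])
    if proto != 0 or btype != 0x00:
        raise ValueError("not a configuration BPDU")
    return ConfigBpdu(root, rpc, sender, port_id, msg_age, max_age)


class EdgeDevice:
    """Service interface unit: listens to BPDUs on its network ports, never relays or
    originates them, activates the port with the best root path, and refuses to forward
    between any two network ports so it can never become a transit link."""

    def __init__(self, network_ports: dict, customer_ports):
        self.network_ports = dict(network_ports)  # port name -> path cost of that link
        self.customer_ports = set(customer_ports)
        self.info: dict = {}  # network port -> last ConfigBpdu received there
        self.active = None

    def receive_bpdu(self, port: str, payload: bytes) -> None:
        """Consume a BPDU on a network port; BPDUs on customer ports are silently dropped."""
        if port in self.network_ports:
            self.info[port] = parse_config_bpdu(payload)
            self._reselect()

    def link_down(self, port: str) -> None:
        self.info.pop(port, None)
        self._reselect()

    def tick(self, seconds: int = 1) -> None:
        """Age stored BPDUs; a port whose information reaches max age stops being a candidate."""
        for port, b in list(self.info.items()):
            aged = replace(b, message_age=b.message_age + seconds * _TICK)
            if aged.message_age >= aged.max_age:
                del self.info[port]
            else:
                self.info[port] = aged
        self._reselect()

    def _root_priority(self, port: str):
        b = self.info[port]  # 802.1D ordering, with this device's own link cost added
        return (b.root_id, b.root_path_cost + self.network_ports[port], b.bridge_id, b.port_id, port)

    def _reselect(self) -> None:
        candidates = [p for p in self.network_ports if p in self.info]
        self.active = min(candidates, key=self._root_priority) if candidates else None

    def may_forward(self, ingress: str, egress: str) -> bool:
        """Egress filter keyed on the ingress port: never network-to-network, and only the
        active network port carries customer traffic in either direction."""
        if ingress in self.network_ports and egress in self.network_ports:
            return False
        if ingress in self.network_ports and ingress != self.active:
            return False
        if egress in self.network_ports and egress != self.active:
            return False
        return ingress != egress


def fig4_scenario():
    """Constructed replay of FIG. 4. Both access switches first reach root P1 via P5 at equal
    cost; then link 125 breaks and access switch 123 falls back to P6 -> P2 -> P1; finally
    access switch 123 is cut off entirely and advertises itself as root."""
    p1 = bridge_id(4096, "00:00:00:00:00:01")          # root of the interior tree
    sw123 = bridge_id(32768, "00:00:00:00:01:23")      # access switch 123
    sw124 = bridge_id(32768, "00:00:00:00:01:24")      # access switch 124
    siu = EdgeDevice({"link131": 4, "link132": 4}, {"svc"})
    siu.receive_bpdu("link131", build_config_bpdu(p1, 8, sw123, 0x8001))
    siu.receive_bpdu("link132", build_config_bpdu(p1, 8, sw124, 0x8001))
    before = siu.active                                  # tie on cost, lower bridge id wins
    siu.receive_bpdu("link131", build_config_bpdu(p1, 12, sw123, 0x8001))
    after = siu.active                                   # link 132 now the least cost path
    siu.receive_bpdu("link131", build_config_bpdu(sw123, 0, sw123, 0x8001))
    isolated = siu.active                                # a worse root id never wins
    return before, after, isolated, siu
```

Because the root identifier is compared before cost, the last step of the scenario covers the case in [0090] where the switch the demarcation device is attached to becomes separated from the main body of the network: that switch starts advertising itself as root, and the device keeps the port that still hears the real root, regardless of cost. The `tick` method is the aging rule that lets a port drop out when a switch simply stops sending; without it a dead link with a stale but attractive BPDU would stay active.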

[0084]FIG. 5 shows configuration of an access service for a spanning tree network according to the present invention, and includes a demarcation device 200, a secure network switch 201 and customer-owned equipment 202. The demarcation device 200 supports a plurality of service interfaces to customer equipment in this example.

[0085] A demarcation device 200 is typically situated between customer-owned equipment and a secure MAN access switch. The demarcation device 200 connects to customer-owned equipment 202 through one or more service interfaces 203. The demarcation device 200 converts between the physical layer of the drop 204 and that of the service interfaces 203. The demarcation device 200 also performs surveillance and maintenance functions.

[0086] The drop 204 will typically use a fiber optic link with at least 1 Gbps bandwidth although other transmission technologies may be used, e.g., high bandwidth wireless transmission. The type of transmission used is transparent to the customer.

[0087] The service interface 203 is the point at which customer-owned equipment 202, typically an Internet Protocol (IP) or multiprotocol router, is attached. This interface 203 runs IP over 10/100/1000 Mbps Ethernet for example, using either a copper or fiber physical layer. An auto-sensing 10/100 Ethernet service interface may also be used. Also, other higher speed Ethernet technologies could be used.

[0088] In the secure MAN, the ‘demarcation devices’ situated on individual customer's premises can provide for redundant connections to the rest of the network. Selection of one link in preference to another can be achieved by use of the spanning tree or a similar protocol. However, only traffic that is transmitted by or destined for a given customer is allowed to reach that customer's demarcation device (a packet switch). It is not desirable that a demarcation device act as a transit link in the network, ensuring full connectivity from one part of the network to another, either during a reconfiguration of the network or while the active topology is stable. Rather the network should partition if there is no other connectivity between the two halves.

[0089] In the past, the simple selection of one link or another for connection to the interior of a network has been performed by a simple physical layer redundancy scheme that interrogates the health of the links from a demarcation device switch to the network. One link is configured as a primary link and the secondary link is activated only if the primary fails a simple connectivity test to the remainder of the network, e.g. loss of the transmitted light signal.

[0090] One embodiment of the secure MAN improves on this prior arrangement, while not allowing the demarcation device to participate in the active topology of the network, by choosing the active link from the demarcation device to the network on the basis of the spanning tree information received by the device, but not allowing it to forward or generate spanning tree information. This arrangement protects against a failure in the network that causes the switch connected to by the demarcation device to be separated from the main body of the network.

[0091] The access option of FIG. 5 involves use of a redundant switch access service, in which a second drop 210 is connected from the demarcation device 200 to a different secure MAN switch 211. This is done to maximize diversity. A failure of a drop, the switch, or the switch port will result in data flowing over the drop being rerouted over the redundant drop in a very short time, e.g., less than 50 ms.

[0092] In redundant switch single tenant access service, the drops will typically reside within the same physical path from the customer premises to the first splice point at which point they will follow diverse physical paths.

[0093] Parallel single tenant access service is another alternative, as shown in FIG. 6. In this case, drops 204 and 212 terminate on the same secure MAN switch 201. Unlike redundant single tenant access service, the multiple drops 204, 212 can be used for load sharing in that data can flow over the drops simultaneously. In the event of a failure of a drop or the switch port, data flowing over the drop will be rerouted to the other drop in a very short time, e.g., less than 50 ms. In parallel single tenant access service, the drops will typically reside within the same physical path from the customer premises to the point-of-presence of the first secure MAN switch.

[0094] Another access service option is fully redundant single tenant access service as illustrated in FIG. 7, including redundant demarcation devices 200, 220 and redundant switches 204, 221 with redundant drops 204, 222, 223, 224 for each demarcation device-access switch pair. Fully redundant single tenant access service protects against the same failures that redundant switch single tenant access service does and in addition protects against failure of a demarcation device and the failure of the customer-owned equipment attached to a service interface. Both service interfaces 203, 225 are activated for customer use but the ability to simultaneously use them will depend on the details of the routing protocol being used by the customer. Similarly the ability of the customer-owned equipment to detect a failure and start using a service interface on the other demarcation device will depend on the details of the routing protocol being used by the customer.

[0095] In fully redundant single tenant access service, the drops will typically reside within the same fiber optic cable from the customer premises to the first splice point at which point they will follow diverse physical paths.

[0096] In each of the above examples, each demarcation device is dedicated to a single customer. In addition, the secure MAN services that a customer sees across the service interface are the same no matter which configuration is used.

[0097] In another situation co-location facility access is used as shown in FIGS. 8 and 9. In some ways collocation facility access is like multi-tenant access. However, the secure MAN service provider will have leased space in the facility in which the customer demarcation device is placed. The preferred configuration for a collocation facility is shown in FIG. 8. The demarcation device 320 is in the customer's rack 321 and dual connected back to different switches 322, 323 located in a secure MAN rack 324. These connections are effected by Gigabit Ethernet multi-mode fiber cross-connects. The customer-owned equipment connects to the demarcation device with the appropriate Ethernet cable. Additional customers may use the same co-location facility, as shown by demarcation device 324 in rack 325.

[0098] In some cases, the customer may not want to accommodate the demarcation device in his or her rack space. In this case, the configuration is that shown in FIG. 9. The demarcation device 330 is in the secure MAN rack and is dual connected to the two switches 331, 332 in the rack. The customer-owned equipment 333, 334 is connected to the demarcation device 330 via an appropriate Ethernet cross-connect. In large collocation facilities, this cross-connect will typically be multimode fiber. A demarcation device 330 can be used for supporting multiple customers.

[0099] There are other possibilities, including a mix of centralized and distributed demarcation devices. It may also be possible and/or desirable to share a demarcation device among more than one customer.

[0100] Once customers have established connections to the secure MAN network, links among them are established using the provisioning system referenced above. Links in this example embodiment are referred to as virtual connections.

[0101] Virtual connection service provides the transfer of data between multiple service interfaces. Three kinds of virtual connection services in this example, include point-to-point, point-to-multipoint, and multipoint-to-multipoint.

[0102] In point-to-point virtual connections, an Internet Protocol (IP) packet delivered across a service interface is delivered to exactly one other service interface. Of course, in addition to IP, other higher layer protocols may be utilized for virtual connections of all types. This service is like a physical wire.

[0103] Virtual connections among customers in the preferred embodiment are established by physical layer (layer 1) and data link layer (layer 2) constructs.

[0104]FIG. 10 illustrates a fiber ring network extending around a path of about 20 miles, which is made of bundles of fibers laid in rights of way within a metropolitan area. Segments of the ring are logically partitioned as segments of an Ethernet network, configured as a tree rather than a ring, illustrating a layout according to the present invention other than the cross-connected broken ring. Switches in the tree comprise standard 100 Megabit, Gigabit or higher Ethernet switches configured according to the Spanning Tree Protocol, or variations of the Spanning Tree Protocol.

[0105] In FIG. 10, switch P1 is a root of the tree, labeled P1, 0, P1 to indicate that the root of the tree is P1, the distance to the root is 0, and the upstream (toward the root) switch is P1. The interconnection of the tree can be understood by the upstream links for the switches. Thus there are no upstream links from switch P1. Switch P2 (P1,1,P1) is connected by fibers F1 and F2 to switch P1. Switch P3 (P1,2,P2) is connected by fiber F7 to switch P2. Fibers I1 and I2 are configured as backup links to switch P1 from switch P3. Switch P4 is connected by fibers F3 and F4 to switch P1. Fibers I3 and I4 are connected as backup links to switch P2 from switch P4. Switch P5 is connected by fibers F5 and F6 to switch P1. Fiber F8 is connected as a backup link from switch P5 to switch P2. Switch P6 is connected by fibers F9 and F10 to switch P2. Fiber F12 is a backup link from switch P6 to switch P5. Switch P7 is connected by fiber F11 to switch P3. Fibers I5 and I6 act as backup links to switch P5 from switch P7. Switch P8 is connected by fiber F13 to switch P5. Fibers I7 and I8 are connected as backup links from switch P8 to switch P6.

[0106] The fibers F1 to F13 and I1 to I8 comprise dark fibers in the fiber ring, which have been partitioned as point-to-point fiber segments in the tree as shown. Thus, fiber of a single ring can be re-used spatially. That is, segments of a single ring can be used independently for point-to-point links in the tree.

[0107] The interior switches are managed according to the spanning tree protocol. However, edge devices, such as the demarcation devices described above, execute the modified spanning tree process to select an active link to the network, without the possibility of becoming a transit link for the interior switches.

Conclusion

[0108] The present invention provides a system facilitating high data bandwidth interconnection between private networked locations to those who choose not to operate their own facilities. It provides security, performance reporting, and bandwidth management to all its customers. Furthermore, provisioning of connections in the secure MAN is simplified, automatic, and accomplished with very low transaction costs.

[0109] While the present invention is disclosed by reference to the preferred embodiments and examples detailed above, it is to be understood that these examples are intended in an illustrative rather than in a limiting sense. It is contemplated that modifications and combinations will readily occur to those skilled in the art, which modifications and combinations will be within the spirit of the invention and the scope of the appended claims. 

What is claimed is:
 1. A method of managing redundant connection of an edge device and a network managed according to an active topology protocol in which active topology configuration messages propagate among switches in the network, and in which a plurality of ports on the edge device are coupled to the network, comprising: monitoring active topology configuration messages at at least one port of the plurality of ports on the edge device coupled to the network; selecting a port in the plurality of ports on the edge device coupled to the network as an active port for traffic between the network and the edge device, in response to the active topology configuration messages; and preventing traffic ingressing at any port coupled to the network from egressing at any port coupled to the network.
 2. The method of claim 1, wherein the active topology protocol comprises a spanning tree protocol, and the active port is selected by selecting a port which would have a least cost path to a root of the network according to the spanning tree protocol.
 3. The method of claim 1, wherein the active topology protocol comprises a spanning tree protocol that is compliant with an IEEE 802.1 standard spanning tree protocol.
 4. The method of claim 1, including executing a communication protocol for a switched local area network.
 5. The method of claim 1, including executing a protocol compliant with an Ethernet standard in the edge device.
 6. The method of claim 1, wherein the edge device comprises a service interface unit, the service interface unit having a service interface coupled via a link to a customer device having a unique MAC address.
 7. A method of managing redundant connection of an edge device on a network managed according to a spanning tree protocol in which spanning tree configuration messages propagate among switches in the network, and in which a plurality of ports on the edge device are coupled to the network, comprising: monitoring spanning tree configuration messages at at least one port of the plurality of ports on the edge device coupled to the network; selecting a port in the plurality of ports on the edge device coupled to the network as an active port for traffic between the network and the edge device and another port in the plurality of ports as a backup port, in response to the spanning tree configuration messages, wherein the active port is selected by selecting a port which would have a least cost path to a root of the network according to the spanning tree protocol; and preventing traffic ingressing at the active port coupled to the network from egressing at the backup port coupled to the network.
 8. The method of claim 7, wherein the spanning tree protocol is compliant with an IEEE 802.1 standard spanning tree protocol.
 9. The method of claim 7, including executing a communication protocol for a switched local area network.
 10. The method of claim 7, including executing a protocol compliant with an Ethernet standard in the edge device.
 11. The method of claim 7, wherein the edge device comprises a service interface unit, the service interface unit having a service interface coupled via a link to a customer device having a unique MAC address.
 12. A communication network, comprising: a plurality of communication links; a plurality of switches coupled to the communication links, the switches executing an active topology protocol; and a plurality of edge devices, at least one edge device in the plurality of edge devices having a port coupled via a link to a customer device, and having a plurality of network interfaces coupled via respective links to a switch or to switches in the plurality of switches, the at least one edge device configured to monitor the active topology protocol to select a network interface in the plurality of network interfaces as an active port for traffic between the switch or switches and the edge device, in response to the active topology protocol; and to prevent traffic ingressing at any network interface in the plurality of network interfaces from egressing at any network interface.
 13. The network of claim 12, wherein the active topology protocol comprises a spanning tree protocol, and the active port is selected by selecting a network interface which would have a least cost path to a root of the spanning tree according to the spanning tree protocol.
 14. The network of claim 12, wherein the active topology protocol comprises a spanning tree protocol compliant with an IEEE 802.1 standard spanning tree protocol.
 15. The network of claim 12, wherein said plurality of switches execute a communication protocol for a switched LAN with multicast capability.
 16. The network of claim 12, wherein said plurality of switches execute a protocol compliant with an Ethernet standard.
 17. A metropolitan area network, comprising: a plurality of communication links which traverse a metropolitan area; a plurality of switches coupled to the communication links, the switches executing a spanning tree protocol, and including access switches and interior switches; and a plurality of service interface units, at least one service interface unit in the plurality of service interface units having a service interface coupled via a link to a customer device with a unique MAC address, and having a plurality of network interfaces coupled via respective links to an access switch or to access switches in the plurality of switches, the at least one service interface unit configured to monitor spanning tree configuration messages at at least one port of the plurality of network interfaces; to select a network interface in the plurality of network interfaces as an active port for traffic between the access switch or switches and the service interface unit in response to the spanning tree configuration messages; and to prevent traffic ingressing at any network interface in the plurality of network interfaces from egressing at any network interface.
 18. The network of claim 17, wherein the active port is selected by selecting a network interface which would have a least cost path to a root of the spanning tree according to the spanning tree protocol.
 19. The network of claim 17, wherein the spanning tree protocol is compliant with an IEEE 802.1 standard spanning tree protocol.
 20. The network of claim 17, wherein said plurality of switches execute a communication protocol for a switched LAN.
 21. The network of claim 17, wherein said plurality of switches execute a protocol compliant with an Ethernet standard. 